MikroTik Firewall: Destination NAT / Redirect

On the Firewall of the MikroTik RouterOS, you can also do NAT (Network Address Translation). The NAT can be done on the source address which is most of the time that we use masquerade (we already know about this because I spoke about it in this book), or we can do NAT for the destination address that I am going to show it to you in this LAB.

In this LAB I have to show you how you can redirect the traffic going to any http website to go to the router WebFig.

You can do that using the action dst-nat or redirect.

Let’s start with dst-nat. Frist I need to disable all filter rules that I have created in the previous LABs so they do not interfere with this LAB:

[mepr-show rules=”319″ unauth=”message”]

Let’s now create the NAT rule so any traffic going to any http website to be redirected to the MikroTik router WebFig (I will use the action dst-nat):

This will say that any traffic going to TCP port 80 (so http), to be redirected to the address on port 80 (that means WebFig).

I will try now to open http://maict-consult.com and see what I will get:

Wonderful!!!! It is opening the WebFig for me ????

Another way to do this is to use the action “redirect”. When you say action “redirect” then you are saying that the traffic will be redirected only to the MikroTik router. While with action “dst-nat”, you could send the traffic to another IP address if you want, for example to another website IP address, got me?

Let’s change the rule and make it as action “redirect”:

Once I have changed the action to “redirect”, we do not see “to addresses” anymore as it was on the action “dst-nat”. This says that the traffic will be only redirected to the router itself.

Let’s see if the WebFig will open now if I go to another http website which is http://example.com

Indeed!!!!! the Webfig has opened after I visited example.com ????



Submit a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.

Please Login to Reply or add a comment!